Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
38	CVE-2025-33238 NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability wh	HIGH	7.5	0.0%		2026-03-24
38	CVE-2026-30075 OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-33254 NVIDIA Triton Inference Server contains a vulnerability where an attacker may ca	HIGH	7.5	0.0%		2026-03-24
38	CVE-2026-39356 Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle O	HIGH	7.5	0.0%	FIX	2026-04-07
38	CVE-2026-33512 WWBN AVideo is an open source video platform. In versions up to and including 26	HIGH	7.5	0.0%		2026-03-23
38	CVE-2026-40198 Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count	HIGH	7.5	0.0%		2026-04-10
38	CVE-2026-39885 ## Summary The `mcp-from-openapi` library uses `@apidevtools/json-schema-ref-pa	HIGH	7.5	0.0%	FIX	2026-04-08
38	CVE-2026-35036 ### Summary Ech0 implements link preview (editor fetches a page title) thro	HIGH	7.5	0.0%	FIX	2026-04-03
38	CVE-2026-34226 Happy DOM is a JavaScript implementation of a web browser without its graphical	HIGH	7.5	0.0%	FIX	2026-03-27
38	CVE-2026-35486 text-generation-webui is an open-source web interface for running Large Language	HIGH	7.5	0.0%		2026-04-07
38	CVE-2026-34785 Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, a	HIGH	7.5	0.0%	FIX	2026-04-02
38	CVE-2026-22744 In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controll	HIGH	7.5	0.0%	FIX	2026-03-27
38	CVE-2026-4660 HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2026-32538 Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMT	HIGH	7.5	0.0%		2026-03-25
38	CVE-2026-33307 Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior t	HIGH	7.5	0.0%		2026-03-24
38	CVE-2026-33180 ### Impact When setting headers in HTTP requests, the internal HTTP client sends	HIGH	7.5	0.0%	FIX	2026-03-18
38	CVE-2026-40069 BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2,	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2026-33680 Vikunja is an open-source self-hosted task management platform. Prior to version	HIGH	7.5	0.0%	FIX	2026-03-24
38	CVE-2026-32299 # Security Advisory - Page Content Retrieval (Improper Authorization) ## Summar	HIGH	7.5	0.0%	FIX	2026-03-23
38	CVE-2026-32292 The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enab	HIGH	7.5	0.0%		2026-03-17
38	CVE-2026-34453 SiYuan is a personal knowledge management system. Prior to version 3.6.2, the pu	HIGH	7.5	0.0%	FIX	2026-03-31
38	CVE-2026-30689 A blog.admin v.8.0 and before system's getinfobytoken API interface contains an	HIGH	7.5	0.0%		2026-03-27
38	CVE-2026-33870 ## Summary Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer	HIGH	7.5	0.0%	FIX	2026-03-26
38	CVE-2026-33894 ## Summary RSASSA PKCS#1 v1.5 signature verification accepts forged signatures f	HIGH	7.5	0.0%	FIX	2026-03-26
38	CVE-2026-28389 Issue summary: During processing of a crafted CMS EnvelopedData message with Key	HIGH	7.5	0.0%	FIX	2026-04-07
38	CVE-2026-33710 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, RE	HIGH	7.5	0.0%		2026-04-10
38	CVE-2026-28390 Issue summary: During processing of a crafted CMS EnvelopedData message with Key	HIGH	7.5	0.0%	FIX	2026-04-07
38	CVE-2025-65114 Apache Traffic Server allows request smuggling if chunked messages are malformed	HIGH	7.5	0.0%		2026-04-02
38	CVE-2026-28876 A parsing issue in the handling of directory paths was addressed with improved p	HIGH	7.5	0.0%		2026-03-25
38	CVE-2026-2285 CrewAI contains a arbitrary local file read vulnerability in the JSON loader too	HIGH	7.5	0.0%		2026-03-30
38	CVE-2026-25312 Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly	HIGH	7.5	0.0%		2026-03-19
38	CVE-2026-32546 Missing Authorization vulnerability in StellarWP Restrict Content restrict-conte	HIGH	7.5	0.0%		2026-03-25
38	CVE-2026-3124 The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Objec	HIGH	7.5	0.0%		2026-03-30
38	CVE-2026-1947 The NEX-Forms - Ultimate Forms Plugin for WordPress plugin for WordPress is vuln	HIGH	7.5	0.0%		2026-03-15
38	CVE-2026-33540 Distribution is a toolkit to pack, ship, store, and deliver container content. P	HIGH	7.5	0.0%	FIX	2026-04-06
38	CVE-2026-25397 Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for	HIGH	7.5	0.0%		2026-03-25
38	CVE-2026-32297 The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary	HIGH	7.5	0.0%		2026-03-17
38	CVE-2026-34209 ### Impact The `tempo/session` cooperative close handler validated the close vo	HIGH	7.5	0.0%	FIX	2026-03-29
38	CVE-2026-3029 A path traversal and arbitrary file write vulnerability exist in the embedded ge	HIGH	7.5	0.0%	FIX	2026-03-19
38	CVE-2026-33034 An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4	HIGH	7.5	0.0%	FIX	2026-04-07
38	CVE-2026-4748 A regression in the way hashes were calculated caused rules containing the addre	HIGH	7.5	0.0%		2026-04-01
38	CVE-2026-33143 ### Summary The WhatsApp POST webhook handler (`/notification/whatsapp/webhook`	HIGH	7.5	0.0%	FIX	2026-03-18
38	CVE-2026-24372 Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for W	HIGH	7.5	0.0%		2026-03-25
38	CVE-2026-23242 In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: F	HIGH	7.5	0.0%	FIX	2026-03-18
38	CVE-2026-25002 Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPr	HIGH	7.5	0.0%		2026-03-25
38	CVE-2026-2328 An unauthenticated remote attacker can exploit insufficient input validation to	HIGH	7.5	0.0%		2026-03-30
38	CVE-2026-34824 ### Summary An uncontrolled resource consumption vulnerability exists in the Web	HIGH	7.5	0.0%	FIX	2026-04-03
38	CVE-2025-12664 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-4258 All versions of the package sjcl are vulnerable to Improper Verification of Cryp	HIGH	7.5	0.0%	FIX	2026-03-17
38	CVE-2026-22448 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v	HIGH	7.5	0.0%		2026-03-25
38	CVE-2026-33487 goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6	HIGH	7.5	0.0%	FIX	2026-03-26
38	CVE-2026-33242 ### Details A Path Traversal and Access Control Bypass vulnerability was discov	HIGH	7.5	0.0%	FIX	2026-03-19
38	CVE-2025-69240 Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` headers to a	HIGH	7.5	0.0%		2026-03-16
38	CVE-2026-4652 On a system exposing an NVMe/TCP target, a remote client can trigger a kernel pa	HIGH	7.5	0.0%		2026-03-26
38	CVE-2026-28498 ## 1. Executive Summary A critical library-level vulnerability was identified i	HIGH	7.5	0.0%	FIX	2026-03-16
38	CVE-2026-39304 Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apa	HIGH	7.5	0.0%	FIX	2026-04-10
38	CVE-2026-28377 A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintex	HIGH	7.5	0.0%	FIX	2026-03-26
38	CVE-2026-30080 OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity pro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-4709 Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerabil	HIGH	7.5	0.0%	FIX	2026-03-24
38	CVE-2026-4707 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerab	HIGH	7.5	0.0%	FIX	2026-03-24
38	CVE-2026-4706 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerab	HIGH	7.5	0.0%	FIX	2026-03-24
38	CVE-2026-4699 Incorrect boundary conditions in the Layout: Text and Fonts component. This vuln	HIGH	7.5	0.0%	FIX	2026-03-24
38	CVE-2026-4693 Incorrect boundary conditions in the Audio/Video: Playback component. This vulne	HIGH	7.5	0.0%	FIX	2026-03-24
38	CVE-2025-50644 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50647 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specificall	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50648 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inade	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50650 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inade	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50653 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50667 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50668 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50669 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-52222 D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-4686 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerab	HIGH	7.5	0.0%	FIX	2026-03-24
38	CVE-2026-29129 Configured cipher preference order not preserved vulnerability in Apache Tomcat.	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2026-29146 Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2025-50654 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50662 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50646 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insuf	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50657 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50655 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50660 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50663 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-34487 Insertion of Sensitive Information into Log File vulnerability in the cloud memb	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2026-32287 Boolean XPath expressions that evaluate to true can cause an infinite loop in lo	HIGH	7.5	0.0%	FIX	2026-03-26
38	CVE-2026-24880 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2026-4685 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerab	HIGH	7.5	0.0%	FIX	2026-03-24
38	CVE-2025-56015 In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI AP	HIGH	7.5	0.0%		2026-04-07
38	CVE-2026-33282 ## Summary Ella Core panics when processing a malformed NGAP LocationReport mes	HIGH	7.5	0.0%	FIX	2026-03-19
38	CVE-2026-33002 Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (b	HIGH	7.5	0.0%	FIX	2026-03-18
38	CVE-2025-50649 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	731d
CVE-2019-19781	CRITICAL	9.8	223	2299d
CVE-2020-5902	CRITICAL	9.8	223	2112d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2229d
CVE-2012-4681	CRITICAL	9.8	223	4976d
CVE-2022-42475	CRITICAL	9.8	223	1197d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 17 / 23 Next